jstan
Staff
September 17, 2020

Technical Tip: FortiAuthenticator Inactive user lockout policy


Description


This article describes the behavior of the user inactive lockout policy for local users with the role 'User'. The policy does not apply to remote users or to local users with the role 'Administrator'.

 

Scope

 

FortiAuthenticator.

Solution


The user inactive lockout policy can be configured so that users are disabled after a period of inactivity. The period can be set between 1 and 1825 days; the default is 90 days.


 

Disabled users cannot authenticate via FortiAuthenticator, and an admin user has to manually enable the account to reactivate it.

Note that this option applies only to local users defined under User Management -> Local Users with the role 'User'; remote users and local users with the role 'Administrator' are not affected by this policy.
For remote users, the RADIUS/LDAP/TACACS+ server is expected to enforce the lockout itself by returning an authentication failure for the account.

 

Related document:

Lockouts 6.6.2